Detecting Common Network Problems, Part VII: Intrusions

Intrusions to your network can easily occur at anytime and often come from unexpected sources. Intrusions from hackers, internet worms, viruses, Trojans, or just people curious about what you happen to have on your network pose great threat to the security of you network. Network Monitoring allows you to identify network weaknesses, as well as detect intrusions should they occur.

Intrusion detection really occurs in two phases: vulnerability detection and monitoring. First, you must identify the vulnerabilities or security weaknesses present in the network. The most common issues here are default or weak passwords, unprotected network services, un-patched buffer overflow or denial of service vulnerabilities, improper configurations, and excessive privileges granted to users. These are just some of the vulnerabilities that may allow intrusions to occur. Once you identify vulnerabilities, you can monitor to detect anyone attempting to exploit the vulnerabilities in an effort to compromise the network.
Network Monitoring allows you to determine your organization's level of risk related to network intrusions, and then take significant steps to mitigate that risk by continuously monitoring for known attacks across the network.